[Samba] updates of repsFrom/repsTo attributes (was : Re: replPropertyMetaData & KCC issues after updating to Samba 4.5.0)
lingpanda101 at gmail.com
Mon Sep 26 14:57:58 UTC 2016
On 9/24/2016 7:32 AM, Denis Cardon wrote:
>
> The job of the samba_kcc script is to create the ntdsConnection
> objects. Afterward the repsFrom/repsTo attributes are created in
> accordance with the ntdsConnection objects (you can force the creation
> using samba-tool drs replicate, though). You can check that the
> process is asynchronous when you join a new DC: the INBOUND and
> OUTBOUND entries come later on, after the ntdsConnection object
> has been created.
>
> You can find repsFrom/repsTo attributes on the root LDAP entries of
> each of the five AD partitions. Those entries correspond to the
> INBOUND and OUTBOUND display in the samba-tool drs showrepl command.
>
> However there is currently no standard way to delete the leftovers of
> repsFrom/repsTo, other than deleting the repsFrom/repsTo attributes
> manually or through scripting (python-ldb is your friend here).
>
> I had a discussion with Garming a while ago about this issue, and it
> was not clear what process was responsible for removing spurious/leftover
> repsFrom/repsTo attributes. With the old KCC, it was not such an issue
> because it was fully meshed; however, with the new KCC, it would indeed
> be good to have some more tooling for DRS maintenance and monitoring.
>
> By the way, the KCC computation algorithm specifications from Microsoft
> are kind of mind-boggling, so it might need some more tweaking, but
> thanks to Garming it has done the job for us since 4.3.0 for almost
> one year.
>
> Cheers,
>
> Denis
>
Wasn't aware of this. Thank you for the info. If I were to delete the
incorrect repsFrom/repsTo attributes, wouldn't the KCC just regenerate
them over time once the KCC check and ISTG check kicked in?
--
-James
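
The thread ties INBOUND entries in `samba-tool drs showrepl` to repsFrom and to the ntdsConnection objects created by the KCC. As an added example (not part of the original messages and not Samba code), this sketch flags INBOUND neighbours that have no matching KCC connection object. The function name `leftover_inbound`, the sample text and the assumed output layout are illustrative, and matching is by DC name only.

```python
import re

# Constructed sample, modelled on the layout of `samba-tool drs showrepl`
# output (assumed layout; real output is tab-indented and longer).
SAMPLE = r"""==== INBOUND NEIGHBORS ====

DC=example,DC=com
    Site-A\DC2 via RPC
        DSA object GUID: 00000000-0000-0000-0000-000000000002
DC=example,DC=com
    Site-B\DC3 via RPC
        DSA object GUID: 00000000-0000-0000-0000-000000000003

==== OUTBOUND NEIGHBORS ====

DC=example,DC=com
    Site-A\DC2 via RPC

==== KCC CONNECTION OBJECTS ====

Connection --
    Enabled        : TRUE
    Server DNS name : dc2.example.com
    Server DN name  : CN=NTDS Settings,CN=DC2,CN=Servers,CN=Site-A,CN=Sites,CN=Configuration,DC=example,DC=com
"""

SECTION = re.compile(r"^==== (.+?) ====$")
NEIGHBOR = re.compile(r"^\s+(.+)\\(\S+) via RPC")
CONN_DN = re.compile(r"Server DN name\s*:\s*CN=NTDS Settings,CN=([^,]+),")

def leftover_inbound(showrepl_text):
    """Return sorted (partition, dc) INBOUND pairs with no KCC connection object."""
    section, partition = None, None
    inbound, connected = set(), set()
    for line in showrepl_text.splitlines():
        m = SECTION.match(line.strip())
        if m:  # section banner: switch parser state
            section, partition = m.group(1), None
        elif section == "INBOUND NEIGHBORS":
            if line and not line[0].isspace():  # unindented line = partition DN
                partition = line.strip()
            elif (n := NEIGHBOR.match(line)) and partition:
                inbound.add((partition, n.group(2).upper()))
        elif section == "KCC CONNECTION OBJECTS":
            if (c := CONN_DN.search(line)):  # source DC of the connection
                connected.add(c.group(1).upper())
    return sorted(p for p in inbound if p[1] not in connected)

if __name__ == "__main__":
    for partition, dc in leftover_inbound(SAMPLE):
        print(f"no connection object for inbound {dc} on {partition}")
```

Only INBOUND entries are compared, because the connection objects shown by a DC describe its own inbound links; checking OUTBOUND (repsTo) entries would need the showrepl output of the partner DCs.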